
Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th.

In-The-Wild & Disclosed CVEs

CVE-2022-21990

CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that a malicious actor control the Remote Desktop Server to which the client has connected. Upon connecting to the malicious server, code is executed on the client system. While Microsoft has said that exploitation is more likely, the fact that an attacker must control a malicious server and that the user must willingly connect to it will mitigate the risk presented by this vulnerability.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2022-24459

A local privilege escalation vulnerability exists within the Windows Fax and Scan Service that could allow privilege escalation on all supported versions of Windows. In order to exploit this vulnerability, an attacker would need to already have authenticated access to the system. Unfortunately, not a lot of details are available to help us determine exactly where the vulnerability exists.  

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2022-24512

This is an interesting vulnerability when you read everything that Microsoft has written about it. The confidentiality, integrity, and availability components of the CVSS score are set to Low, with Microsoft stating that the ability to exploit the vulnerability is limited because it must be used in combination with other vulnerabilities. Additionally, a user must perform an action to trigger the payload. The fact that this requires the user to take action and that other vulnerabilities must be chained with it is interesting when paired with the fact that Microsoft listed Privileges Required as None. The multitude of factors needed to create exploit conditions indicates that it is unlikely that we will see exploits surface for this vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs per tag. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold.
| Tag | CVE Count | CVEs |
|---|---|---|
| Windows Fastfat Driver | 1 | CVE-2022-23293 |
| Tablet Windows User Interface | 1 | CVE-2022-24460 |
| Microsoft Office Word | 2 | CVE-2022-24462, CVE-2022-24511 |
| Windows Media | 1 | CVE-2022-21973 |
| Windows Installer | 1 | CVE-2022-23296 |
| Windows Common Log File System Driver | 1 | CVE-2022-23281 |
| Microsoft Defender for IoT | 2 | CVE-2022-23265, CVE-2022-23266 |
| Microsoft Windows ALPC | 3 | CVE-2022-23283, CVE-2022-23287, CVE-2022-24505 |
| Microsoft Windows Codecs Library | 13 | CVE-2022-21977, CVE-2022-22010, CVE-2022-23295, CVE-2022-23300, CVE-2022-23301, CVE-2022-22006, CVE-2022-22007, CVE-2022-24451, CVE-2022-24452, CVE-2022-24453, CVE-2022-24501, CVE-2022-24456, CVE-2022-24457 |
| Visual Studio Code | 1 | CVE-2022-24526 |
| Windows Cloud Files Mini Filter Driver | 1 | CVE-2022-23286 |
| Windows Security Support Provider Interface | 1 | CVE-2022-24454 |
| Windows Ancillary Function Driver for WinSock | 1 | CVE-2022-24507 |
| XBox | 1 | CVE-2022-21967 |
| Windows Event Tracing | 1 | CVE-2022-23294 |
| Windows Kernel | 2 | CVE-2022-23298, CVE-2022-23297 |
| Windows DWM Core Library | 2 | CVE-2022-23291, CVE-2022-23288 |
| Microsoft Exchange Server | 2 | CVE-2022-24463, CVE-2022-23277 |
| Windows Point-to-Point Tunneling Protocol | 1 | CVE-2022-23253 |
| Windows Remote Desktop | 3 | **CVE-2022-21990**, CVE-2022-24503, CVE-2022-23285 |
| Microsoft Office Visio | 3 | CVE-2022-24509, CVE-2022-24461, CVE-2022-24510 |
| Azure Site Recovery | 11 | CVE-2022-24506, CVE-2022-24515, CVE-2022-24467, CVE-2022-24468, CVE-2022-24469, CVE-2022-24517, CVE-2022-24470, CVE-2022-24518, CVE-2022-24519, CVE-2022-24471, CVE-2022-24520 |
| Windows CD-ROM Driver | 1 | CVE-2022-24455 |
| Paint 3D | 1 | CVE-2022-23282 |
| .NET and Visual Studio | 3 | **CVE-2022-24512**, CVE-2022-24464, CVE-2020-8927 |
| Windows Update Stack | 1 | CVE-2022-24525 |
| Windows Print Spooler Components | 1 | CVE-2022-23284 |
| Role: Windows Hyper-V | 1 | CVE-2022-21975 |
| Windows PDEV | 1 | CVE-2022-23299 |
| Windows HTML Platform | 1 | CVE-2022-24502 |
| Microsoft Defender for Endpoint | 1 | CVE-2022-23278 |
| Microsoft Edge (Chromium-based) | 21 | CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809 |
| Windows COM | 1 | CVE-2022-23290 |
| Windows SMB Server | 1 | CVE-2022-24508 |
| Windows Fax and Scan Service | 1 | **CVE-2022-24459** |
| Microsoft Intune | 1 | CVE-2022-24465 |
| Skype Extension for Chrome | 1 | CVE-2022-24522 |
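When this tag table is scraped rather than read, the tag, the count and the CVE list run together with no delimiter, and the bold markers for the disclosed CVEs are lost. The script below is an added example, not part of the VERT alert or any Tripwire tooling: it recovers the three columns from that flattened form, checks that each row's stated count matches the CVEs actually listed, re-flags the CVEs the alert calls out as in-the-wild or disclosed, and notes any CVE ID from an earlier year (such as the 2020 ID in the .NET and Visual Studio row) that a patch-triage reviewer would want to look at separately. The sample rows are a subset copied from the table above; the `DISCLOSED` set and the hypothetical tags used to show the digit-ambiguity handling are constructed for the example.

```python
import re

# The CVEs the alert above calls out under "In-The-Wild & Disclosed CVEs";
# the original table bolds these, which the flattened text lost.
DISCLOSED = {"CVE-2022-21990", "CVE-2022-24459", "CVE-2022-24512"}
RELEASE_YEAR = 2022

# Constructed sample: a subset of rows from the tag table, copied in the
# flattened "Tag<count>CVE, CVE, ..." form the extraction produced.
FLATTENED_ROWS = """\
Windows Remote Desktop3CVE-2022-21990, CVE-2022-24503, CVE-2022-23285
Windows Fax and Scan Service1CVE-2022-24459
.NET and Visual Studio3CVE-2022-24512, CVE-2022-24464, CVE-2020-8927
Paint 3D1CVE-2022-23282
Windows Kernel2CVE-2022-23298, CVE-2022-23297
Microsoft Exchange Server2CVE-2022-24463, CVE-2022-23277
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_row(row):
    """Split one flattened row into (tag, stated_count, [cves]).

    The count is the run of digits immediately before the first 'CVE-'.
    A tag that itself ends in a digit (e.g. a hypothetical 'Release 2' with
    one CVE flattens to 'Release 21CVE-...') makes that split ambiguous, so
    the number of CVEs actually listed is used to resolve it when it fits.
    """
    idx = row.find("CVE-")
    if idx < 0:
        raise ValueError(f"no CVE list in row: {row!r}")
    prefix, cve_text = row[:idx], row[idx:]
    cves = CVE_RE.findall(cve_text)
    n = len(cves)
    if n and prefix.endswith(str(n)):
        # The listed CVEs confirm the count; whatever precedes it is the tag.
        return prefix[: -len(str(n))], n, cves
    # Fall back to the trailing digit run; the caller will see the mismatch.
    m = re.search(r"(\d+)$", prefix)
    if not m:
        raise ValueError(f"no count before CVE list in row: {row!r}")
    return prefix[: m.start()], int(m.group(1)), cves


def triage(rows_text, disclosed=DISCLOSED, release_year=RELEASE_YEAR):
    """Return one finding dict per row: count consistency, disclosed CVEs,
    and CVE IDs whose year differs from the release year."""
    report = []
    for line in rows_text.splitlines():
        line = line.strip()
        if not line:
            continue
        tag, stated, cves = parse_row(line)
        report.append({
            "tag": tag,
            "stated_count": stated,
            "count_ok": stated == len(cves),
            "disclosed": sorted(set(cves) & disclosed),
            "older_ids": [c for c in cves if int(c.split("-")[1]) != release_year],
        })
    # Rows with disclosed CVEs first, then count problems, then the rest.
    report.sort(key=lambda r: (not r["disclosed"], r["count_ok"], r["tag"]))
    return report


def render(report):
    """Re-emit the rows as a pipe table with disclosed CVEs bolded again."""
    lines = ["| Tag | CVE Count | CVEs |", "|---|---|---|"]
    for r in report:
        flag = "" if r["count_ok"] else " (count mismatch)"
        lines.append(f"| {r['tag']} | {r['stated_count']}{flag} | "
                     + ", ".join(f"**{c}**" if c in r["disclosed"] else c
                                 for c in sorted(r["older_ids"] + [])) + " |"
                     if False else
                     f"| {r['tag']} | {r['stated_count']}{flag} | "
                     + ", ".join(r["disclosed"] + r["older_ids"]) + " |")
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in triage(FLATTENED_ROWS):
        print(finding)
```

`render` is deliberately minimal; the useful output for triage is the `triage` report itself, which a practitioner can feed into whatever tracker they use. The ambiguity handling in `parse_row` matters more than it looks: the count check is the only signal that a tag ending in a digit was split in the wrong place, and it also catches a table that lists more or fewer CVEs than its count column claims.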

Other Information

There were no new advisories included with the March Security Guidance.